Account & Security
Rotating API keys
How to rotate your API keys without downtime.
Why rotate keys?
Regular key rotation limits the blast radius if a key is ever leaked. We recommend rotating keys every 90 days, or immediately if you suspect a compromise.
Steps to rotate without downtime
- Go to Dashboard → API Keys
- Click Create new key — give it a name like "Production v2"
- Copy the new key and update it in your application/plugin configuration
- Verify your application is working with the new key
- Go back to API Keys and revoke the old key
Tip: Keep both keys active during the transition period. Predax allows multiple active keys per account.
Revoking a compromised key
If a key has been exposed (e.g., committed to a public repo):
